Commit graph

12 commits

Author SHA1 Message Date
Stephen Warren
1934665742 gunzip: remove avail_in recalculation
Current, the following passes:
    ./u-boot -d arch/sandbox/dts/test.dtb -c 'ut_image_decomp'
but the following fails:
    ./u-boot -d arch/sandbox/dts/test.dtb -c 'ut dm; ut_image_decomp'

This is because the gunzip code reads input data beyond the end of its
input buffer. In the first case above, this data just happens to be 0,
which just happens to trigger gzip to signal the error the decompression
unit test expects. In the second case above, the "ut dm" test has written
data to the accidentally-read memory, which causes the gzip code to take a
different path and so return a different value, which triggers the test
failure.

The cause of gunzip reading past its input buffer is the re-calculation of
s.avail_in in zunzip(), since it can underflow. Not only is the formula
non-sensical (it uses the delta between two output buffer pointers to
calculate available input buffer size), it also appears to be unnecessary,
since the gunzip code already maintains this value itself. This patch
removes this re-calculation to avoid the underflow and redundant work.

The loop exit condition is also adjusted so that if inflate() has consumed
the entire input buffer, without indicating returning Z_STREAM_END (i.e.
decompression complete without error), an error is raised. There is still
opportunity to simplify the code here by splitting up the loop exit
condition into separate tests. However, this patch makes the minimum
modifications required to solve the problem at hand, in order to keep the
Acked-by: Kees Cook <keescook@chromium.org>

diff simple.

I am not entirely convinced that the loop in zunzip() is necessary at all.
It could only be useful if inflate() can return Z_BUF_ERROR (which
typically means that it needs more data in the input buffer, or more space
in the output buffer), even though Z_FINISH is set /and/ the full input is
available in the input buffer /and/ there is enough space to store the
decompressed output in the output buffer. The comment in zlib.h after the
prototype of inflate() implies this is never the case. However, I assume
there must have been some reason for introducing this loop in the first
place, as part of commit "Fix gunzip to work for any gziped uImage size".

This patch is similar to the earlier b75650d84d "gzip: correctly
bounds-check output buffer", which corrected a similar issue for
s.avail_out.

Cc: Catalin Radu <Catalin@VirtualMetrix.com>
Cc: Kees Cook <keescook@chromium.org>
Fixes: f039ada5c1 ("Fix gunzip to work for any gziped uImage size")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
2016-02-09 15:41:19 -07:00
Tom Rini
1811b7d38c gunzip.c: Only include gzwrite on CONFIG_CMD_UNZIP
Only when we have CONFIG_CMD_UNZIP enabled do we have the 'gzwrite'
command.  While this command should be separated from CONFIG_CMD_UNZIP
we should also only include the write portion of the gz code in that
case as well.

Signed-off-by: Tom Rini <trini@konsulko.com>
2016-01-19 08:31:17 -05:00
Stephen Warren
7c4213f6a5 block: pass block dev not num to read/write/erase()
This will allow the implementation to make use of data in the block_dev
structure beyond the base device number. This will be useful so that eMMC
block devices can encompass the HW partition ID rather than treating this
out-of-band. Equally, the existence of the priv field is crying out for
this patch to exist.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-01-13 21:05:18 -05:00
Simon Glass
24b852a7a2 Move console definitions into a new console.h file
The console includes a global variable and several functions that are only
used by a small subset of U-Boot files. Before adding more functions, move
the definitions into their own header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-11-19 20:27:50 -07:00
Eric Nelson
918e9ebb45 gunzip: add gzwrite routine for extracting compresed images to block device
Initial filesystem images are generally highly compressible.

Add a routine gzwrite that allows gzip-compressed images to be
written to block devices.

Signed-off-by: Eric Nelson <eric.nelson@boundarydevices.com>
Reviewed-by: Tom Rini <trini@ti.com>
2015-04-22 12:14:55 -04:00
Simon Glass
9c55c54fb4 gunzip: Update lenp even on error
This allows the caller to easily detect how much of the destination buffer
has been used.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-01-14 11:35:44 -05:00
Kees Cook
b75650d84d gzip: correctly bounds-check output buffer
The output buffer size must not be reset by the gzip decoder or there
is a risk of overflowing memory during decompression.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2013-09-03 13:30:14 -06:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Mike Frysinger
e3ed0575a7 gunzip: rename z{alloc, free} to gz{alloc, free}
This allows us to add a proper zalloc() func (one that does a zeroing
alloc), and removes duplicate prototypes.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2012-04-30 16:54:51 +02:00
Catalin Radu
f039ada5c1 Fix gunzip to work for any gziped uImage size
Signed-off-by: Catalin Radu <Catalin@VirtualMetrix.com>
2011-04-12 22:58:30 +02:00
Stefan Roese
f852628638 zlib/gunzip: Use WATCHDOG_RESET macro
As usually done in U-Boot, the watchdog_reset code is called via a
macro (WATCHDOG_RESET). In zlib.c this was done differently, by using
a function pointer which is initialized with WATCHDOG_RESET upon watchdog
usage or with NULL otherwise. This patch now uses the plain
WATCHDOG_RESET macros to call the function resulting in slightly smaller
U-Boot images and simpler code.

U-Boot code size reduction:

PowerPC board with watchdog support (lwmon5):
-> 80 bytes smaller image size

PowerPC board without watchdog support (sequoia):
-> 112 bytes smaller image size

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Detlev Zundel <dzu@denx.de>
Cc: Wolfgang Denk <wd@denx.de>
Acked-by: Detlev Zundel <dzu@denx.de>
2010-10-12 21:15:10 +02:00
Peter Tyser
78acc472d9 Rename lib_generic/ to lib/
Now that the other architecture-specific lib directories have been
moved out of the top-level directory there's not much reason to have the
'_generic' suffix on the common lib directory.

Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
2010-04-13 09:13:04 +02:00
Renamed from lib_generic/gunzip.c (Browse further)